cve/CVE-2021-32489.md at 7909e50b64548be2689e5ad0bc37714dc0608a96

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 09:12:08 +00:00

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

Description

An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device because response_msg.st.len=8 can be accepted but triggers an integer overflow, which causes CRYPTO_cbc128_decrypt (in OpenSSL) to encounter an undersized buffer and experience a segmentation fault. The yubihsm-shell project is included in the YubiHSM 2 SDK product.

POC

Reference

https://blog.inhq.net/posts/yubico-libyubihsm-vuln2/#second-attack-variant-cve-pending

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/chnzzh/OpenSSL-CVE-lib

1.0 KiB Raw Blame History

CVE-2021-32489

Description

POC

Reference

Github

1.0 KiB

Raw Blame History